Search form

You are here

Windows Media Player Vulnerability Security Issue -- Q320920

by Dennis Faas on July, 2 2002 at 08:07AM EDT

Woops! It looks like Microsoft has goofed again.

If you haven't been watching the news lately (maybe you don't get CNN?) -- Microsoft has released a security bulletin (Q320920) regarding a critical flaw in Windows Media Player which can allow an attacker to gain unrestricted access to your system.

Who is affected?

Anyone who is using Windows Media Player version 6.4, 7.1 or Windows Media Player for Windows XP (version 8) should download a software patch to their system immediately.

Side note: A software patch is piece of software that fixes a program (which is also software). In this case, the software patch for Media Player "fixes" the vulnerability found in Media Player 6.4, 7.1 or 8 (XP).

How do you check to see what version of Media Player is install on your system?

That is kind of tough to answer. If you have any version of Windows 95 or NT, you most likely don't have Media Player 6.4 installed unless you upgraded it sometime after the original Windows installation.

If you have Windows 98, 98SE, ME, 2000, or XP, you definitely have Media Player 6.4 installed on your system EVEN IF you have another version of Media Player. Yes -- that's right. You can have more than one version of Media Player installed on your system.

How to test for Media Player 6.4

Click START -> RUN. Then type in "mplayer2.exe" (no quotes) and press ENTER. If you have Windows Media Player 6.4, it will appear. If you don't have it, the system will tell you it can't find the file. After the Media Player window appears, Click HELP -> ABOUT to display the version number. It should say Media Player 6.4.xxx.

By default, Windows will use the "latest version" of Media Player that is installed on your system, even if version 6.4 is present. You can check your "default" installation of Media Player by clicking START -> PROGRAMS -> ACCESSORIES -> ENTERTAINMENT -> WINDOWS MEDIA PLAYER. After that, click HELP -> ABOUT. Look at the version number

So, what patches should you install?

If you're confused about all of this stuff, just download all 3 patches from Microsoft for Media Player 6.4, 7.1, and 8 (XP) and install them on your system. Run the media player 6.4 patch first, then the 7.1 patch, then the XP patch. Each software patch will only repair its matching counterpart, so don't worry -- you can't accidentally patch the wrong file.

RE: Does the Windows Update web site patch all versions of Media Player installed on a system?

Good question. The answer is that I don't know. If this was true, then why are there 3 separate patches available from Microsoft?

I suppose the only way to find that answer is to click START -> WINDOWS UPDATE and see if there is more than one patch listed for Media Player IF you have more than one version of Media Player installed on your system. Since I only have version 6.4 installed on my system, I wasn't able to test this theory. If this proved to be true, then you wouldn't need to download and install any of the patches separately. If you want to play it safe, just download all 3 patches and run them.

What makes Media Player vulnerable, anyway?

An attacker is able to manipulate a media file. When Media Player executes the malformed media file, the system is compromised. This type of an attack can be compared to a Trojan Horse Virus.

How are these types of files executed?

A manipulated media file can be download from a web site or can be sent as part of a HTML email. Basically, you wouldn't know if it hit you. That's why you need to get the patch.

How could an attacker seek to exploit this vulnerability through a web site?

From the Microsoft web site: "An attacker could seek to exploit this vulnerability by posting their media file on a web site under their control, and then enticing the user to visit that site. As soon as the page hosting the media file had loaded in the browser and the media file opened from within the IE cache, the attempt to exploit the vulnerability would be carried out."

How could an attacker seek to exploit this through HTML email?

From the Microsoft web site: "An attacker could seek to exploit this vulnerability by sending the media file as an attachment through HTML email. When the media file was opened from within the IE cache, the vulnerability would be exploited."